Configure OpenLDAP with SSL/TLS

From Zarafa wiki

Setting up SSL for OpenLDAP requires you to create an SSL certificate, install the certificate, and set up slapd (the OpenLDAP server process) to accept connections on the SSL port. If you already have an SSL certificate (for example, for Apache), you can use that certificate for slapd as well.
First, create a private key with:

$ openssl genrsa -out private.pem 2048

This will create the file 'private.pem' with a 2048-bit private RSA key. You can then create a self-signed SSL certificate with:

$ openssl req -new -x509 -key private.pem -out cert.pem -days 1095

Make sure that private.pem is readable only by the server process that serves SSL (i.e. slapd); cert.pem, by contrast, can be made freely available to clients that want to access the server. Normally, you would place private.pem in /etc/ldap/private.pem and cert.pem in /etc/ssl/certs/<servername>.pem.
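A sanity check for the key and certificate created above, as an added example that is not part of the original wiki page: it confirms that the private key is inaccessible to group and others, that cert.pem carries the public half of private.pem, and that the certificate is not about to expire. The function names, the temporary directory, the CN ldap.example.com and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example. Function names, paths, CN and thresholds are assumptions.

# True if the key file grants no permissions to group or others.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True if the certificate ($2) carries the public half of the key ($1).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True if the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Run all three checks; the return code identifies the first failure.
check_pair() {
    key_is_private "$1" ||
        { echo "FAIL: $1 is accessible to group or others"; return 1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $2 was not issued for $1"; return 2; }
    cert_valid_for_days "$2" 30 ||
        { echo "FAIL: $2 expires within 30 days"; return 3; }
    echo "OK: $1 and $2 are consistent"
}

# Constructed sample pair: the page's two commands, made non-interactive
# with -subj and run under a restrictive umask.
make_test_pair() {
    ( umask 077 && openssl genrsa -out "$1/private.pem" 2048 2>/dev/null ) &&
    openssl req -new -x509 -key "$1/private.pem" -out "$1/cert.pem" \
        -days 1095 -subj "/CN=ldap.example.com" 2>/dev/null
}

dir=$(mktemp -d)
make_test_pair "$dir" && check_pair "$dir/private.pem" "$dir/cert.pem"
rm -rf "$dir"
```

Run check_pair against the installed files (as a user allowed to read the key) before restarting slapd.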
You must also create the hash link in /etc/ssl/certs. On Debian, this is accomplished by running 'update-ca-certificates'. On other Linux distributions, you must create the link manually with: